I am building an app with Express.js and Vue 3 using session-based authentication. It works fine locally.
However, it does not work in production. Here is my code for configuring the session and the cookie:
// in app.js
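// Registers express-session with a MongoDB-backed store. In production the
// session cookie is configured for cross-site use, because the frontend and
// the API are served from different domains.
app.use(
  session({
    name: "totask.sid",
    secret: config.sessionSecret,
    resave: false,
    saveUninitialized: false,
    unset: "destroy",
    cookie: {
      // SameSite=None is only accepted together with Secure: browsers that
      // enforce this drop a SameSite=None cookie that lacks the Secure flag.
      // Outside production (where secure is false) fall back to "lax".
      // NOTE(review): "lax" assumes the local frontend and API share a site
      // (e.g. both on localhost) — confirm.
      // NOTE(review): "none" removes the cookie-level CSRF defence, so
      // state-changing routes need their own CSRF check and CORS should allow
      // credentials only for the known frontend origin — neither is visible
      // in this snippet.
      sameSite: config.env === "production" ? "none" : "lax",
      // express-session only emits a secure cookie on a connection Express
      // treats as HTTPS. NOTE(review): behind a TLS-terminating proxy this
      // needs Express's "trust proxy" setting — confirm for the host in use.
      secure: config.env === "production",
      // Keeps the session id out of reach of page scripts.
      httpOnly: true,
      // 30 days in milliseconds; a stolen session id stays valid that long
      // unless the session is destroyed server-side.
      maxAge: 60 * 60 * 1000 * 24 * 30,
    },
    store: MongoStore.create({ mongoUrl: config.mongoose.url }),
  })
);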
and here is how it is showing the cookie in browser:
cookies in browser
The API is deployed on Render and the frontend on Netlify (for testing).
I tried changing the configuration, but I wasn't able to solve it.
The problem was that the frontend and backend are on two different domains, so the session cookie set by the API was a cross-site (third-party) cookie, and my browser was blocking cross-site cookies.